New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil 712-50 Exam - Topic 6 Question 103 Discussion

Actual exam question for Eccouncil's 712-50 exam
Question #: 103
Topic #: 6
[All 712-50 Questions]

SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Ronna at Mar 04, 2025, 05:19 AM

Limited Time Offer

25%

Off

Get Premium 712-50 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Demetra
3 months ago
I’m surprised this is even a question; everyone should know it’s Investigation!
upvoted 0 times
...
Shawna
3 months ago
Recovery phase is for fixing things, not extracting info!
upvoted 0 times
...
Hector
3 months ago
Wait, are we sure it's not the Response phase? Seems like a gray area.
upvoted 0 times
...
Fabiola
4 months ago
I agree, Investigation is key for preserving data integrity.
upvoted 0 times
...
Deandrea
4 months ago
It's definitely the Investigation phase! That's where we gather evidence.
upvoted 0 times
...
Quiana
4 months ago
I’m a bit confused. Could it also be part of the Response phase? I feel like both phases involve some level of data handling.
upvoted 0 times
...
Pamella
4 months ago
I practiced a similar question, and I believe it's definitely the Investigation phase. That's when you gather all the details before moving on to recovery.
upvoted 0 times
...
Jeanice
4 months ago
I'm not entirely sure, but I remember something about the Response phase being more about containment and not really about extracting data.
upvoted 0 times
...
Sherman
5 months ago
I think the phase where the team extracts information without altering original data is the Investigation phase. It makes sense since they need to analyze the evidence carefully.
upvoted 0 times
...
Lizbeth
5 months ago
I'm a bit confused by this question. The scenario talks about the IRT being deployed, but it's not clear to me which phase that would correspond to. I'll need to review the incident response process steps to figure out which one involves extracting data without altering it. Might be worth jotting down some notes on the different phases.
upvoted 0 times
...
Felicidad
5 months ago
Okay, let's see here. The key is extracting information without altering the original data. That sounds like the Investigation phase to me, where the team would be collecting and analyzing evidence. I'm pretty confident that's the right answer, but I'll double-check the definitions of the phases just to be sure.
upvoted 0 times
...
Cordelia
5 months ago
Hmm, I'm a little unsure about this one. The question mentions the IRT being deployed, so I'm wondering if that means the Response phase is the correct answer. I'll have to think through the different phases of the incident response process to be sure.
upvoted 0 times
...
Delbert
5 months ago
This seems like a pretty straightforward incident response question. I'm going to focus on the key details - the systems are showing erratic behavior and the IRT has been deployed to investigate. The question is asking about the phase where they extract information without altering the original data, so I'm thinking that's the Investigation phase.
upvoted 0 times
...
Yuette
10 months ago
B) Investigation is the way to go. You don't want the team to be like a bull in a china shop, you know? Gotta be careful and delicate when gathering that evidence. Hey, at least they won't be playing 'Capture the Flag' with the servers!
upvoted 0 times
Carmela
8 months ago
D) Follow-up
upvoted 0 times
...
Sharan
8 months ago
C) Recovery
upvoted 0 times
...
Ressie
8 months ago
B) Investigation
upvoted 0 times
...
Evan
9 months ago
A) Response
upvoted 0 times
...
...
Niesha
10 months ago
I'm going with B) Investigation. That's where the real detective work happens, and you can't afford to mess it up by accidentally changing the evidence. Unless, of course, you're secretly the culprit and want to cover your tracks. Just joking, just joking!
upvoted 0 times
Barbra
9 months ago
User 2: Definitely, we need to be careful not to disturb the original data during this phase.
upvoted 0 times
...
Keena
10 months ago
User 1: I agree, B) Investigation is crucial for gathering evidence without altering it.
upvoted 0 times
...
...
Taryn
10 months ago
B) Investigation makes the most sense here. You need to extract information without altering the original data to understand what's happening and how to respond effectively. Anything else would just be guesswork.
upvoted 0 times
...
Truman
11 months ago
I believe it's important to not alter original data during the Investigation phase to preserve evidence for analysis.
upvoted 0 times
...
Yuriko
11 months ago
The answer is clearly B) Investigation. That's when the team will gather and analyze the evidence without modifying the original data. I've seen this in my training, and it's crucial for preserving the integrity of the investigation.
upvoted 0 times
Ryan
9 months ago
Absolutely. The investigation phase is crucial for gathering information and understanding the scope of the incident before taking further action.
upvoted 0 times
...
Miesha
9 months ago
I agree. Altering the original data during the investigation phase can lead to inaccurate conclusions and compromise the entire incident response.
upvoted 0 times
...
Carolann
9 months ago
That's correct. It's important to preserve the original data to ensure the integrity of the investigation process.
upvoted 0 times
...
Carisa
10 months ago
Yes, you're right. During the investigation phase, we need to carefully collect and analyze the evidence without changing anything.
upvoted 0 times
...
...
Leota
11 months ago
I agree with Salina, in the Investigation phase, they gather information without altering data.
upvoted 0 times
...
Salina
11 months ago
I think the team will extract information in the Investigation phase.
upvoted 0 times
...

Save Cancel